You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
Copy file name to clipboardExpand all lines: modules/configuring-firewall.adoc
+19-18Lines changed: 19 additions & 18 deletions
Original file line number
Diff line number
Diff line change
@@ -265,47 +265,48 @@ Alternatively, if you choose to not use a wildcard for AWS APIs, you must includ
265
265
|===
266
266
|URL | Port | Function
267
267
268
-
|`mirror.openshift.com`
269
-
|443
270
-
|Required to access mirrored installation content and images. This site is also a source of release image signatures, although the Cluster Version Operator needs only a single functioning source.
271
-
272
-
|`storage.googleapis.com/openshift-release`
273
-
|443
274
-
|A source of release image signatures, although the Cluster Version Operator needs only a single functioning source.
275
-
276
268
|`*.apps.<cluster_name>.<base_domain>`
277
269
|443
278
270
|Required to access the default cluster routes unless you set an ingress wildcard during installation.
279
271
280
-
|`quayio-production-s3.s3.amazonaws.com`
272
+
|`*.cloudflarestorage.com`
281
273
|443
282
-
|Required to access Quay image content in AWS.
274
+
|Required to access mirrored installation content and images that were redirected from `mirror.openshift.com`.
283
275
284
276
|`api.openshift.com`
285
277
|443
286
278
|Required both for your cluster token and to check if updates are available for the cluster.
287
279
288
-
|`rhcos.mirror.openshift.com`
289
-
|443
290
-
|Required to download {op-system-first} images.
291
-
292
280
|`console.redhat.com`
293
281
|443
294
282
|Required for your cluster token.
295
283
284
+
|`mirror.openshift.com`
285
+
|443
286
+
|Required to access mirrored installation content and images. This site is also a source of release image signatures, although the Cluster Version Operator needs only a single functioning source.
287
+
288
+
|`quayio-production-s3.s3.amazonaws.com`
289
+
|443
290
+
|Required to access Quay image content in AWS.
291
+
296
292
// |`registry.access.redhat.com`
297
293
// |443
298
294
// |Required for `odo` CLI.
299
295
296
+
|`rhcos.mirror.openshift.com`
297
+
|443
298
+
|Required to download {op-system-first} images.
299
+
300
300
|`sso.redhat.com`
301
301
|443
302
302
|The `https://console.redhat.com` site uses authentication from `sso.redhat.com`
303
303
304
+
|`storage.googleapis.com/openshift-release`
305
+
|443
306
+
|A source of release image signatures, although the Cluster Version Operator needs only a single functioning source.
304
307
|===
305
-
Operators require route access to perform health checks. Specifically, the
306
-
authentication and web console Operators connect to two routes to verify that
307
-
the routes work. If you are the cluster administrator and do not want to allow
308
-
`*.apps.<cluster_name>.<base_domain>`, then allow these routes:
308
+
+
309
+
Operators require route access to perform health checks. Specifically, the authentication and web console Operators connect to two routes to verify that the routes work. If you are the cluster administrator and do not want to allow `*.apps.<cluster_name>.<base_domain>`, then allow these routes:
0 commit comments